Diffstat (limited to 'src')
-rw-r--r--src/include/ndpi_main.h2
-rw-r--r--src/include/ndpi_typedefs.h1
-rw-r--r--src/lib/ndpi_main.c1
-rw-r--r--src/lib/ndpi_utils.c14
-rw-r--r--src/lib/protocols/dns.c29
-rw-r--r--src/lib/protocols/tls.c14
6 files changed, 45 insertions, 16 deletions
diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h
index 35efaa0b9..66fb5ea1b 100644
--- a/src/include/ndpi_main.h
+++ b/src/include/ndpi_main.h
@@ -149,7 +149,7 @@ extern "C" {
u_int8_t * nxt_hdr);
void ndpi_set_risk(struct ndpi_detection_module_struct *ndpi_str,
struct ndpi_flow_struct *flow, ndpi_risk_enum r);
- int ndpi_is_printable_string(char const * const str, size_t len);
+ int ndpi_is_printable_string(char * const str, size_t len);
#define NDPI_ENTROPY_ENCRYPTED_OR_RANDOM(entropy) (entropy > 7.0f)
float ndpi_entropy(u_int8_t const * const buf, size_t len);
void load_common_alpns(struct ndpi_detection_module_struct *ndpi_str);
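Review bot: The prototype drops `const` from `str`, but nothing at the declaration says that the function now writes to the buffer, and the name still reads as a pure predicate. The definition in the src/lib/ndpi_utils.c hunk overwrites every non-printable byte with `?` in place, so each caller shown in tls.c (`rdnSeqBuf`, `dNSName`, `alpn_str`, `buffer`) has its data rewritten before any later use, including whatever comparison follows the `dNSName` check outside that hunk. I would add a comment above the declaration such as `/* Returns 1 if str[0..len) is all printable; otherwise overwrites each non-printable byte with '?' and returns 0. str must be writable. */`. It is also worth confirming that no caller passes a pointer into the captured packet.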
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 642a60325..177a7610c 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -114,6 +114,7 @@ typedef enum {
NDPI_CLEAR_TEXT_CREDENTIALS,
NDPI_DNS_LARGE_PACKET,
NDPI_DNS_FRAGMENTED,
+ NDPI_INVALID_CHARACTERS,
/* Leave this as last member */
NDPI_MAX_RISK /* must be <= 63 due to (**) */
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 03bdccc7a..868373d11 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -106,6 +106,7 @@ static ndpi_risk_info ndpi_known_risks[] = {
{ NDPI_CLEAR_TEXT_CREDENTIALS, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE },
{ NDPI_DNS_LARGE_PACKET, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE },
{ NDPI_DNS_FRAGMENTED, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE },
+ { NDPI_INVALID_CHARACTERS, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE },
/* Leave this as last member */
{ NDPI_MAX_RISK, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE }
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 602e4c145..76b427e87 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1800,7 +1800,10 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
case NDPI_DNS_FRAGMENTED:
return("Fragmented DNS message");
-
+
+ case NDPI_INVALID_CHARACTERS:
+ return("Text contains non-printable characters");
+
default:
snprintf(buf, sizeof(buf), "%d", (int)risk);
return(buf);
@@ -2140,14 +2143,17 @@ void ndpi_set_risk(struct ndpi_detection_module_struct *ndpi_str,
/* ******************************************************************** */
-int ndpi_is_printable_string(char const * const str, size_t len) {
+int ndpi_is_printable_string(char * const str, size_t len) {
+ int retval = 1;
+
for (size_t i = 0; i < len; ++i) {
if (ndpi_isprint(str[i]) == 0) {
- return 0;
+ str[i] = '?';
+ retval = 0;
}
}
- return 1;
+ return retval;
}
/* ******************************************************************** */
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index a326b8b68..98c6bf142 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -433,6 +433,7 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st
}
} /* for */
+ u_int8_t hostname_is_valid = 1;
while((j < max_len) && (off < packet->payload_packet_len) && (packet->payload[off] != '\0')) {
uint8_t c, cl = packet->payload[off++];
@@ -444,14 +445,26 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st
if(j && (j < max_len)) flow->host_server_name[j++] = '.';
- while((j < max_len) && (cl != 0)) {
- u_int32_t shift;
-
- c = packet->payload[off++];
- shift = ((u_int32_t) 1) << (c & 0x1f);
- flow->host_server_name[j++] = tolower((dns_validchar[c >> 5] & shift) ? c : '_');
- cl--;
- }
+ while((j < max_len) && (cl != 0)) {
+ u_int32_t shift;
+
+ c = packet->payload[off++];
+ shift = ((u_int32_t) 1) << (c & 0x1f);
+ if ((dns_validchar[c >> 5] & shift)) {
+ flow->host_server_name[j++] = tolower(c);
+ } else {
+ if (isprint(c) == 0) {
+ hostname_is_valid = 0;
+ flow->host_server_name[j++] = '?';
+ } else {
+ flow->host_server_name[j++] = '_';
+ }
+ }
+ cl--;
+ }
+ }
+ if (hostname_is_valid == 0) {
+ ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS);
}
flow->host_server_name[j] = '\0';
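Review bot: The new `isprint(c)` test in the inner loop is locale-dependent and differs from `ndpi_isprint()`, which the ndpi_utils.c hunk of this commit uses for the same decision, so DNS names and TLS strings may be classified by different rules. If that helper is visible in dns.c, `if (ndpi_isprint(c) == 0) {` would keep the NDPI_INVALID_CHARACTERS risk consistent across protocols. The lines between the two dns.c hunks are not shown, so it is also worth checking that a name discarded by an early exit from the outer loop cannot still raise the risk through `hostname_is_valid`. ndpi_search_dns starts and ends outside the hunk.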
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index d5fa5db1b..aafa89048 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -391,8 +391,12 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
printf("[TLS] %s() IssuerDN [%s]\n", __FUNCTION__, rdnSeqBuf);
#endif
- if(rdn_len && (flow->protos.tls_quic_stun.tls_quic.issuerDN == NULL))
+ if(rdn_len && (flow->protos.tls_quic_stun.tls_quic.issuerDN == NULL)) {
flow->protos.tls_quic_stun.tls_quic.issuerDN = ndpi_strdup(rdnSeqBuf);
+ if (ndpi_is_printable_string(rdnSeqBuf, rdn_len) == 0) {
+ ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS);
+ }
+ }
rdn_len = 0; /* Reset buffer */
}
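Review bot: `ndpi_strdup(rdnSeqBuf)` runs before `ndpi_is_printable_string(rdnSeqBuf, rdn_len)`, so the copy stored in `issuerDN` keeps the raw non-printable bytes and only the scratch buffer, whose length is reset right after, gets the `?` replacement. The ALPN hunk further down sanitises first and duplicates afterwards. Doing the same here, by moving the `if (ndpi_is_printable_string(rdnSeqBuf, rdn_len) == 0)` check above the `ndpi_strdup` call, would keep control characters out of whatever later prints or exports the issuer. processCertificateElements starts and ends outside the hunk.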
@@ -513,7 +517,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
packet->payload_packet_len-i-len);
#endif
if (ndpi_is_printable_string(dNSName, len) == 0) {
- ndpi_set_risk(ndpi_struct, flow, NDPI_TLS_SUSPICIOUS_EXTENSION);
+ ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS);
}
if(matched_name == 0) {
@@ -565,6 +569,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
#if DEBUG_TLS
printf("[TLS] Leftover %u bytes", packet->payload_packet_len - i);
#endif
+ ndpi_set_risk(ndpi_struct, flow, NDPI_TLS_SUSPICIOUS_EXTENSION);
break;
}
} else {
@@ -1396,6 +1401,9 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
#ifdef DEBUG_TLS
printf("Server TLS [ALPN: %s][len: %u]\n", alpn_str, alpn_str_len);
#endif
+ if (ndpi_is_printable_string(alpn_str, alpn_str_len) == 0)
+ ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS);
+
if(flow->protos.tls_quic_stun.tls_quic.alpn == NULL)
flow->protos.tls_quic_stun.tls_quic.alpn = ndpi_strdup(alpn_str);
@@ -1718,7 +1726,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
#endif
if (ndpi_is_printable_string(buffer, len) == 0)
{
- ndpi_set_risk(ndpi_struct, flow, NDPI_TLS_SUSPICIOUS_EXTENSION);
+ ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS);
}
if(!is_quic) {